Cyber beacons: The challenges of new technologies

Share this article:
Cyber beacons: The challenges of new technologies
Cyber beacons: The challenges of new technologies

Information isn't just leaking, it's being broadcast over Web 2.0 mediums, reports Deb Radcliff.

After learning its SecurID authentication product had been accessed by outsiders, security vendor RSA shut down certain social media traffic for several months in 2011 as investigators tracked the origin back to an email. Information gathered to target the recipient was provided freely over social networking sites, what Branden Williams (left), RSA's CTO of marketing, calls “big data mining” by organized bad guys.

“When I look to where the workforce is beaconing sensitive information to criminals and malware, I look to places like Twitter and LinkedIn,” says Williams. “We're living in a world where our entire emerging workforce has grown up online and has been engineered to overshare. Big data miners have taken notice.”

Not only are employees (current and former), partners and contractors beaconing information that can be used in targeted attacks, they also spread product and other intellectual property (IP) over these and many other mediums, such as their online résumés, in blogs, email, Skype, instant and SMS messaging, through misconfigured systems, even search engines, say experts.

Unfortunately, data governance and protections are lacking across most of these channels and mediums. According to an October 2011 survey conducted by the Association of Image and Information Management (AIIM), 65 percent of respondents who had Web 2.0 collaborative environments lacked such controls.

“It used to be that all forms of public communication had to go through sign-off,” says Doug Miles (right), director of market intelligence for AIIM. “Social media, on the other hand, is all about openness and sharing. With one click, the user bypasses all the old controls of brand management, public relations and other approvals, and they're posting who knows what about their organizations.”

Most professionals assigned blogging, Twitter and other communications on behalf of their companies usually go through these checkpoints. Like Williams, they also attend brand/data protection and security training. Since the SecurID breach, RSA has strengthened the social media components in every employee's information security training.

Page 1 of 3
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Case study: Big LAN on campus

Case study: Big LAN on campus

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

2014 Women in IT Security: Stacey Halota

2014 Women in IT Security: Stacey Halota

When she stepped into the job of vice president of information security and privacy at Graham Holdings Company in 2003, Stacey Halota had to carve out new territory because her ...

What's sex got to do with it?

What's sex got to do with it?

Harassment has no place in the security industry. Neither do sexism or discrimination. But, there they are. It's time for infosec to just say no, reports Teri Robinson.